June 24, 2013, 11:49 AM — Paranoia--in small doses--is an excellent preventive medicine. If you think your business is too small to be a target for hackers, identity thieves, and similarly unsavory characters, you're dangerously underestimating the value of your business.
IT security might seem to be a daunting prospect for a small business without an expert staff, a large budget, or expensive consultants, but you can take a number of easily implemented measures to lock down the personal computers your business relies on. Here are five simple security tips you should implement today.
Encrypt your hard drives
The first step is to implement full-disk encryption on each one of your company's PCs. This step is crucial because system passwords alone offer no defense against hackers' accessing the hard drive from another computer, or against someone's attempts to clone its entire contents for off-site examination. In addition, recovering previously deleted files from an unencrypted storage device or disk image is a relatively trivial matter for an attacker or snoop.
Selectively encrypting sensitive folders or files works, too, but full-disk encryption is the best means of ensuring that every file is protected. Microsoft's BitLocker is the gold standard for this task, thanks to its ease of use and the fact that it comes standard with the Ultimate and Enterprise versions of Windows 7, and with the Ultimate and Professional versions of Windows 8.
Although you can upgrade to one of these versions of Windows to obtain BitLocker, such a move can be cost-prohibitive if you have more than a few computers in the office. You can also find no-cost encryption software in the form of DiskCryptor and TrueCrypt (although the latter is not compatible with Windows 8). You must take care, however, to ensure that these programs are properly configured.
"One needs to consider every particular case," says ReclaiMe spokesperson Elena Pakhomova, "since encryption is sometimes implemented incorrectly and you still have a chance to extract data." ReclaiMe develops software for recovering data from hard drives and RAID configuration parameters, among other programs. For details on how to encrypt files the right way, read our hands-on guide.
Enabling disk encryption automatically mandates the use of passwords, but it does nothing to stop users from choosing passwords that are easily cracked. Given that the strongest encryption is of little use if the passphrase is quickly guessed, it makes sense to choose a robust password that is not too short and that contains sufficient complexity.
Once disk encryption and strong passwords are in place, you can further harden your security by configuring Windows to prompt for the password upon waking from sleep mode. Be sure to set a reasonably short inactivity timeout of no more than 10 to 15 minutes for the PC to enter sleep mode.
Better yet, develop the habit of using the Windows-L keyboard shortcut to lock your PC when you step away from it--even if you'll be gone for just a few minutes. This step not only prevents data from being siphoned out during your absence but also serves as an effective way to prevent unscrupulous insiders with physical access to your computer from installing malware on it surreptitiously.
Use secure portable storage
Conceived by Microsoft as a way to protect data stored on portable storage devices, the excellent BitLocker to Go technology can prevent lost or stolen storage devices from becoming liabilities. Although you can enable BitLocker to Go on an external drive only through one of the aforementioned BitLocker-equipped versions of Windows, a BitLocker to Go-enabled device can be subsequently used on all supported Windows operating systems, meaning that a small business can implement it companywide without having to upgrade everyone to a Windows edition that includes BitLocker.
You should be aware, however, that computers running Windows XP or Windows Vista won't recognize USB drives encrypted with BitLocker to Go unless you install the BitLocker to Go app. Mac OS X computers won't recognize such drives, either. You can read more about using BitLocker to Go with Windows 8 in our complete guide.
A hardware alternative would be to make use of specialized hardware-encrypted storage devices, such as the Lok-It flash drive or the Apricorn Aegis Bio portable hard drive. Be particularly careful with unbranded devices or those from vendors with no track record, as not all devices offering hardware encryption implement it correctly.
Use a password manager
No one disputes the value of using a different password for each website, but surprisingly few people actually follow the practice. Most users opt for the convenience of using the same password across multiple Web services, even though it leaves them open to severe consequences--including identity theft and financial loss--should hackers snag their password.
Instead of trying to memorize a dozen different passwords, set up the right tool to better manage your passwords. Numerous apps are capable of this, including Sticky Password Pro, LastPass, and Roboform. As a bonus, many of these tools can generate strong passwords on demand and can even fill out login pages with the correct password automatically.
Don't ignore security updates
Finally, it is of paramount importance to ensure that your computer has the latest software updates and security patches. Confirm that Windows Update is correctly configured to download updates automatically, and then periodically check for errors or failed updates. The same advice goes for common attack vectors such as Oracle's Java runtime environment (JRE) and popular software such as Adobe Reader and Apple QuickTime. A software tool that is of invaluable help here is Secunia Personal Software Inspector (PSI), a free patch-management program that tracks and installs updates to a large number of third-party applications.